A private online group operating through a Discord channel dedicated to unreleased AI models has been using Anthropic's Claude Mythos Preview — the cybersecurity model the company has refused to release publicly because it considers it too dangerous — for weeks, according to a Bloomberg report picked up by TechCrunch, Euronews, Cybernews and others on April 21 and 22, 2026.
Anthropic confirmed it is investigating. "We're investigating a report claiming unauthorized access to Claude Mythos Preview through one of our third-party vendor environments," the company said in a statement, adding that it has seen no evidence that its own systems were impacted or that activity extended beyond the vendor environment.
How the group got in
According to Bloomberg, the group supposedly gained access on the same day Mythos was publicly announced. Members identified the model's online location by making educated guesses based on the URL format Anthropic has used for previous models, and leveraged credentials tied to an individual currently employed at a third-party contractor working with Anthropic. The group reportedly provided Bloomberg with screenshots and a live demonstration of Mythos in operation.
The Discord channel where the access was coordinated is a private forum whose members actively hunt for information about unreleased frontier AI systems. Anthropic has not publicly named the compromised vendor.
Why Mythos matters
Anthropic revealed earlier in April that Claude Mythos is the first model it has publicly deemed too high-risk for broad release. The company says Mythos can autonomously identify previously undisclosed vulnerabilities in software, write exploit code against them, and chain multiple bugs into working attack paths — capabilities that, if misused, could plausibly be turned against Fortune 100 companies, critical internet infrastructure or national defense systems.
Rather than open it up, Anthropic has rolled Mythos out under its "Project Glasswing" program to a narrow list of tech and financial partners — including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks — for use in scanning and hardening their own code and open-source dependencies. JPMorgan Chase is the only bank named as an official Glasswing partner; Goldman Sachs, Citigroup and other Wall Street banks are reportedly testing the model internally after U.S. Treasury officials urged them to evaluate it for defensive purposes.
Implications
The incident is a concrete illustration of a scenario AI safety researchers have been warning about: when a lab gates a model for safety reasons, the attack surface simply shifts to the contractors, integrators and cloud environments that still need access. For enterprises evaluating frontier-model partnerships, third-party access controls, credential hygiene and environment isolation are likely to move up the due-diligence checklist.
Anthropic has not yet said whether it will suspend the affected vendor's access or change how future restricted models are distributed. But for a company that positioned Mythos as proof that frontier labs can draw a hard line on dangerous capabilities, the reported breach is an uncomfortable stress test of that promise.
